Riding the State Unemployment Fraud ‘Wave’

Credit to Author: BrianKrebs| Date: Sat, 23 May 2020 13:40:05 +0000

When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that’s exactly what appears to be going on right now as multiple U.S. states struggle to combat a tsunami of phony Pandemic Unemployment Assistance (PUA) claims. Meanwhile, a number of U.S. states are possibly making it easier for crooks by leaking their citizens’ personal data from the very websites the unemployment scammers are using to file bogus claims.

Read more

This Service Helps Malware Authors Fix Flaws in their Code

Credit to Author: BrianKrebs| Date: Mon, 18 May 2020 15:31:17 +0000

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals.

Read more

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Credit to Author: BrianKrebs| Date: Sat, 16 May 2020 04:34:45 +0000

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service. A memo seen by KrebsOnSecurity that the Secret Service sent to field offices around the United States this week says the ring has been filing unemployment claims in different states using Social Security numbers and other personally identifiable information (PII) belonging to identity theft victims, and that “a substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees.”

Read more

How Cybercriminals are Weathering COVID-19

Credit to Author: BrianKrebs| Date: Thu, 30 Apr 2020 18:20:57 +0000

In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services. But it’s not all good news: The Coronavirus also has driven up costs and disrupted key supply lines for many cybercriminals.

Read more

Would You Have Fallen for This Phone Scam?

Credit to Author: BrianKrebs| Date: Tue, 28 Apr 2020 20:55:32 +0000

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that your bank may be making it super easy for thieves to impersonate the bank, by giving away information about recent transactions on your account via automated, phone-based customer support systems.

Read more

Sipping from the Coronavirus Domain Firehose

Credit to Author: BrianKrebs| Date: Thu, 16 Apr 2020 16:23:52 +0000

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic.

Read more

Who’s Behind the ‘Web Listings’ Mail Scam?

Credit to Author: BrianKrebs| Date: Mon, 23 Mar 2020 20:17:26 +0000

In December 2018, KrebsOnSecurity looked at how dozens of U.S. political campaigns, cities and towns had paid a shady company called Web Listings Inc. after receiving what looked like a bill for search engine optimization (SEO) services rendered on behalf of their domain names. The story concluded that this dubious service had been scamming people and companies for more than a decade, and promised a Part II to explore who was behind Web Listings. What follows are some clues that point to a very convincing answer to that question.

Read more

Coronavirus Widens the Money Mule Pool

Credit to Author: BrianKrebs| Date: Tue, 17 Mar 2020 22:11:46 +0000

With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “money mules” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer. Here’s the story of one upstart mule factory that spoofs a major nonprofit and tells new employees they’ll be collecting and transmitting donations for an international “Coronavirus Relief Fund.”

Read more